Author Topic: 69.64.155.119 - Redirects to rogue  (Read 3401 times)

June 28, 2009, 08:19:59 pm

Malware-Web-Threats

All redirect to rogerscenter[.]cn, then bestscanpc[.]com

Example:
hxxp://wildanimalrehab.com/op1.js=http://www.theriverlive.cn


June 28, 2009, 09:13:02 pm
Reply #1

SysAdMini

I'm unable to reproduce it.

I don't see any redirection from those domains, and the URL from your example doesn't exist.
Ruining the bad guy's day

June 29, 2009, 03:01:13 pm
Reply #2

Malware-Web-Threats

Have you checked with Malzilla instead of a browser?

June 29, 2009, 05:58:38 pm
Reply #3

SysAdMini

Quote: Have you checked with Malzilla instead of a browser?

Yes, I have. Still nothing.

Can you give me a detailed example?

June 29, 2009, 08:24:27 pm
Reply #4

JohnC

69.64.155.119 is a server used for parked web pages. It might be possible that the domain which was directing to malware became parked before you resolved it, and when you resolved it you got the parked IP. It can happen quite a lot.